1. Who We Are
Frosteria ("we", "us", or "our") operates the online store at frosteria.com. We sell the Frosteria Arc Pro misting fan and related products to customers across the European Union.
For privacy-related matters, you can contact us at: support@frosteria.com
2. What Personal Data We Collect
We collect the following types of personal data:
- Order information: Name, delivery address, email address — collected when you place an order via Stripe Checkout.
- Payment data: We do not store your card details. All payments are processed securely by Stripe, Inc. See stripe.com/privacy.
- Email address: If you voluntarily subscribe to our newsletter or discount offers.
- Usage data: Anonymous analytics data (page views, device type, country) via Vercel Analytics. No personal identifiers are stored.
- IP address and browser information: Collected automatically by our hosting provider (Vercel) for security and performance purposes.
3. How We Use Your Data
We use your personal data for the following purposes:
- To process and fulfil your order (legal basis: contract performance)
- To send order confirmations and shipping updates (legal basis: contract performance)
- To send marketing emails, if you have opted in (legal basis: consent — you may withdraw at any time)
- To comply with EU tax and customs obligations including IOSS VAT remittance (legal basis: legal obligation)
- To improve our website and store (legal basis: legitimate interests)
4. Who We Share Your Data With
We share your data only with the following trusted third parties, solely for order fulfilment purposes:
- Stripe, Inc. — payment processing (USA, with EU Standard Contractual Clauses)
- Our logistics partner / fulfilment centre — for packing and shipping your order (China-based, your address is shared for delivery)
- Klaviyo, Inc. — email marketing, only if you subscribed (USA, with EU Standard Contractual Clauses)
- Vercel, Inc. — website hosting and analytics (USA, with EU Standard Contractual Clauses)
- EAS Project — IOSS VAT registration intermediary (EU-based)
We do not sell your personal data to any third party.
5. International Transfers
Some of our service providers (Stripe, Klaviyo, Vercel) are based in the United States. When transferring your data outside the EU, we ensure appropriate safeguards are in place, such as EU Standard Contractual Clauses (SCCs) approved by the European Commission.
6. How Long We Keep Your Data
- Order records: 7 years (required by EU tax law)
- Email marketing lists: Until you unsubscribe or request deletion
- Analytics data: Aggregated and anonymised — retained indefinitely
7. Your Rights Under GDPR
If you are located in the EU/EEA, you have the following rights regarding your personal data:
- Right of access — request a copy of data we hold about you
- Right to rectification — ask us to correct inaccurate data
- Right to erasure — request deletion of your data ("right to be forgotten")
- Right to restrict processing — ask us to pause use of your data
- Right to data portability — receive your data in a machine-readable format
- Right to object — object to processing based on legitimate interests or direct marketing
- Right to withdraw consent — for any processing based on consent (e.g. newsletter)
To exercise any of these rights, email us at support@frosteria.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority.
8. Cookies
We use only essential cookies required for the website to function (e.g. session management during checkout). We do not use third-party advertising cookies or tracking pixels. For more information, see our Cookie Policy.
9. Security
We take reasonable technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction. All data transmitted to and from our website is encrypted using HTTPS/TLS.
10. Changes to This Policy
We may update this Privacy Policy from time to time. The date at the top of this page reflects when it was last revised. Continued use of frosteria.com after changes constitutes acceptance of the updated policy.